Command Injection in rakibtg Docker Dashboard Product
CVE-2021-27886

9.8CRITICAL

Key Information:

Vendor

Docker Dashboard Project

Status
Docker Dashboard
Vendor
CVE Published:
2 March 2021

What is CVE-2021-27886?

The rakibtg Docker Dashboard is vulnerable to command injection due to improper handling of the command parameter in API requests. Attackers can exploit this vulnerability by injecting shell metacharacters, potentially allowing unauthorized command execution on the server hosting the application. This exploitation can compromise the integrity and confidentiality of the affected systems, making it imperative for users to update to the latest version to mitigate this risk.

References

https://github.com/rakibtg/docker-web-gui/issues/23
x_refsource_MISC
https://github.com/rakibtg/docker-web-gui/commit/79cdc418...
x_refsource_MISC
https://www.docker.com/legal/trademark-guidelines
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.